scsi: core: Make scsi_internal_device_unblock_nowait() reject invalid new_state

The only 'new_state' values passed by upstream kernel code to
scsi_internal_device_unblock_nowait() are SDEV_RUNNING and
SDEV_TRANSPORT_OFFLINE. These are the only values that should be passed to
this function. Hence check the value of the 'new_state' argument to avoid
that scsi_internal_device_unblock_nowait() would be used to trigger an
illegal SCSI device state transition. In this context 'illegal' means not
allowed by scsi_device_set_state().

Cc: Christoph Hellwig <hch@lst.de>
Cc: Hannes Reinecke <hare@suse.com>
Cc: Johannes Thumshirn <jthumshirn@suse.de>
Cc: Ming Lei <ming.lei@redhat.com>
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c
index c72bce2f0cf16929c19b53a4e3057939c6f1bca6..7a4ac7a8e907fb2340fdc046e041c38a57df7c01 100644 (file)
--- a/drivers/scsi/scsi_lib.c
+++ b/drivers/scsi/scsi_lib.c
@@ -2707,6 +2707,14 @@ void scsi_start_queue(struct scsi_device *sdev)
 int scsi_internal_device_unblock_nowait(struct scsi_device *sdev,
                                        enum scsi_device_state new_state)
 {
+       switch (new_state) {
+       case SDEV_RUNNING:
+       case SDEV_TRANSPORT_OFFLINE:
+               break;
+       default:
+               return -EINVAL;
+       }
+
        /*
         * Try to transition the scsi device to SDEV_RUNNING or one of the
         * offlined states and goose the device queue if successful.